ACE20 gre problem
Hi,
I want to route gre traffic through an ACE20, but it doesn't seem to work. The only thing I configured was an ACL with gre enabled, but the ACE20 seems to drop the gre packets. The gre traffic is entering via the vlan 561 interface and should be sent out via the vlan 472 interface. Source 10.94.32.212, destination 10.94.132.39. The tunnel control traffic on port tcp/1723 is working fine. Nothing is configured in the service-policies for the gre traffic.
Can anyone help me?
ACE configuration
access-list ALL line 10 extended permit ip any any
access-list ALL line 20 extended permit icmp any any
access-list ALL line 30 extended permit gre any any
access-list NAT-472 line 10 extended permit tcp 10.94.132.0 255.255.255.128 10.94.133.0 255.255.255.0
access-group input ALL
interface vlan 472
ip address 10.94.132.2 255.255.255.128
ip dhcp relay server 10.94.62.158
ip dhcp relay server 10.94.62.173
ip dhcp relay enable
alias 10.94.132.1 255.255.255.128
peer ip address 10.94.132.3 255.255.255.128
no normalization
nat-pool 461 10.94.132.4 10.94.132.4 netmask 255.255.255.255 pat
service-policy input ALLOW-ICMP
service-policy input LB-POLICY-VLAN561
service-policy input NAT-472
no shutdown
interface vlan 561
ip address 10.94.83.77 255.255.255.248
alias 10.94.83.76 255.255.255.248
peer ip address 10.94.83.78 255.255.255.248
no normalization
nat-pool 561 10.94.148.5 10.94.148.5 netmask 255.255.255.255 pat
service-policy input ALLOW-ICMP
service-policy input LB-POLICY-VLAN561
no shutdown
ip route 0.0.0.0 0.0.0.0 10.94.83.73
The problem is solved with a reload of the 6509 switch with the ACE module. Probably an interface problem on the ACE due to changes.
Similar Messages
-
ACE20 and TLSv1.0 extensions problem
Hi,
I have a problem with an ACE20 running software version A2(2.3) [build 3.0(0)A2(2.3)].
We have a simple load-balancing arrangement for two Apache webservers. All we do is pass HTTP and HTTPS traffic through to one of two servers. We don't do SSL termination or initiation on the ACE - just passthrough.
We now have a requirement to support connections that only use TLSv1.0 with no fallback to SSLv3. If I use IE8 the connection works. If I use IE9 or FF19 then the connection fails. I've traced this to the use of TLS extensions in the ClientHello packet - which came after the TLSv1.0 RFC. IE8 doesn't send extensions whereas the other browsers do. I can replicate the problem with the OpenSSL s_client application. What surprises me is that the ACE checks the structure of the TLS negotiation even though I'm not asking it to make decisions about it. I can see why this would be done as a security feature if the ACE implemented a strict RFC2246-compliant server - the extensions having been added post-RFC.
Is there any way to tell the ACE to forward SSL packets and not worry too much about the contents? I've checked all the Release notes and can't find any relevant caveats.
Thank you
Cathy
Hi Ajay,
Disabling normalization made no difference. I thought it might help, but I think it only looks at the gross structure of the packets and doesn't worry about RFC2246 compliance.
The relevant parts of the configuration are shown below:
rserver host web-web1
ip address a.b.c.d
inservice
rserver host web-web2
ip address a.b.c.e
inservice
serverfarm host FARM-web2
rserver web-web1
inservice
rserver web-web2
inservice
sticky ip-netmask 255.255.255.255 address source FARM-web2-Sticky
timeout 99
replicate sticky
serverfarm FARM-web2 backup FARM-sorry
class-map match-any L4VIPCLASS
2 match virtual-address x.y.z.t tcp eq www
3 match virtual-address x.y.z.t tcp eq https
6 match virtual-address x.y.z.t tcp eq 81
policy-map type loadbalance first-match LB-POLICY
class class-default
sticky-serverfarm FARM-web2-Sticky
policy-map multi-match L4POLICY
class L4VIPCLASS
loadbalance vip inservice
loadbalance policy LB-POLICY
loadbalance vip icmp-reply active
loadbalance vip advertise
service-policy input L4POLICY
As you see, the configuration is about as simple as it can be.
Kind Regards
Cathy -
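To check whether a given client sends the extensions that the ACE20 TLS thread above ties the failure to, the following added example (not code from the thread or from Cisco) parses a ClientHello record and lists its extension types. The sample records are constructed, and the parser assumes the whole ClientHello sits in a single TLS record.

```python
import struct

# A few IANA extension numbers, for readable output.
EXTENSION_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
                   35: "session_ticket", 0xFF01: "renegotiation_info"}


def build_client_hello(extensions=()):
    """Build a constructed TLS 1.0 ClientHello record (sample data, not a capture).

    extensions: iterable of (type_number, data_bytes) pairs.
    """
    body = b"\x03\x01"                                # client_version = TLS 1.0
    body += bytes(32)                                 # random (zeroed in this sample)
    body += b"\x00"                                   # empty session_id
    suites = struct.pack("!2H", 0x002F, 0x0035)       # two cipher suites
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                               # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!2H", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext     # extensions follow compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


class _Reader:
    """Bounds-checked cursor so a short or malformed record raises, not misparses."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def remaining(self):
        return len(self.data) - self.pos


def client_hello_extensions(record):
    """Return the extension type numbers in a ClientHello record ([] if none)."""
    rec = _Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                                       # record-layer version
    hs = _Reader(rec.take(rec.uint(2)))
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    body = _Reader(hs.take(hs.uint(3)))
    body.take(2)                                      # client_version
    body.take(32)                                     # random
    body.take(body.uint(1))                           # session_id
    body.take(body.uint(2))                           # cipher_suites
    body.take(body.uint(1))                           # compression_methods
    if body.remaining() == 0:
        return []                                     # hello ends here: no extensions
    exts = _Reader(body.take(body.uint(2)))
    types = []
    while exts.remaining():
        types.append(exts.uint(2))
        exts.take(exts.uint(2))                       # skip the extension data
    return types


def summarize(record):
    types = client_hello_extensions(record)
    if not types:
        return "ClientHello without extensions"
    names = [EXTENSION_NAMES.get(t, f"type_{t}") for t in types]
    return "ClientHello with extensions: " + ", ".join(names)


if __name__ == "__main__":
    sni = b"\x00\x0e\x00\x00\x0bexample.com"          # constructed server_name data
    print(summarize(build_client_hello()))
    print(summarize(build_client_hello([(0, sni), (0xFF01, b"\x00")])))
```

Feeding it the first record of a failing and of a working connection from a capture shows directly whether the extension block is the only difference between them.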
Problem with a simple GRE tunnel
Hello everyone:
I have a problem with a simple GRE tunnel and cannot make it work. The problem lies in the instruction "tunnel source loopback-0": if I use this command it does not work, but if I use "tunnel source <ip wan >" it works. Can someone tell me why?
Thanks for your help
Router 1: 2811
version 12.4
no service password-encryption
hostname cisco2811
no aaa new-model
ip cef
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface Tunnel0
ip address 10.10.1.1 255.255.255.0
tunnel source Loopback0
tunnel destination 217.127.XXX.188
interface Tunnel1
ip address 10.10.2.1 255.255.255.0
tunnel source Loopback0
tunnel destination 80.32.XXX.125
interface FastEthernet0/0
description LOCAL LAN Interface
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/1
description WAN Interface
ip address 195.77.XXX.70 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 195.77.XXX.65
ip route 192.168.3.0 255.255.255.0 Tunnel0
ip route 192.168.4.0 255.255.255.0 Tunnel1
ip nat inside source route-map salida-fibra interface FastEthernet0/1 overload
access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map salida-fibra permit 10
match ip address 120
Router 2: 2811
version 12.4
service password-encryption
ip cef
no ip domain lookup
multilink bundle-name authenticated
username admin privilege 15 password 7 104CXXXXx13
interface Loopback0
ip address 4.4.4.4 255.255.255.255
interface Tunnel0
ip address 10.10.1.2 255.255.255.0
tunnel source Loopback0
tunnel destination 195.77.XXX.70
interface Ethernet0
ip address 192.168.3.251 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
interface ATM0
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0.1 point-to-point
ip address 217.127.XXX.188 255.255.255.192
ip nat outside
ip virtual-reassembly
no ip route-cache
no snmp trap link-status
pvc 8/32
encapsulation aal5snap
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 192.168.1.0 255.255.255.0 Tunnel0
ip nat inside source route-map nonat interface ATM0.1 overload
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 192.168.3.0 0.0.0.255 any
route-map nonat permit 10
match ip address 120
Hello, thank you for the answer. As to your question, I have no connectivity within the tunnel: if I ping 10.10.1.2 from Router 1, I do not get a response ...
Now, if on both routers I remove the loopback and on interface Tunnel0 change the tunnel source to "tunnel source ", the tunnel works perfectly; the problem is when I have to use the loopback. Unfortunately, once I get the tunnel working, it will have to carry multicast, and all the examples I found use a loopback as 'source' ... but this is a step back ..
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.10.1.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 2.2.2.2 (Loopback0), destination 217.127.XXX.188
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 09:04:38, output 00:00:19, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
11101 packets output, 773420 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out -
WRT160N v2 VPN Problem ( GRE Protocol )
Hi,
I just owned a WRT160N router. But this router does not allow GRE protocol. I use a VPN server on my local network and I only need PPTP ( made NAT 1723 TCP ) and GRE Protocol 47 ( can't find anything about this ) to be routed to my VPN server. 1723 works ok but not GRE.
I checked all settings on Security / VPN Passthrough but the problem persists. Does anybody have a solution for this? My firmware is Firmware Version: v2.0.02
I am afraid the router does not support GRE Protocol...
-
6500 sup 720 with MPLS, GRE and FWSM problem
We have 6500 sup 720 with MPLS configured and FWSM in transparent mode. We also terminate GRE tunnels on the same 6500.
After implementing the command “mls mpls tunnel-recir” GRE tunnels are hardware switched (which we want them to be), but we don’t have any more connection from locations thru GRE tunnels to servers behind FWSM.
Does anybody have an idea how to solve this problem?
Hi,
not sure what you mean exactly.
the command “mls mpls tunnel-recir” is needed to avoid packet corruption in cases where the Supervisor engine is handling both the GRE header encapsulation and the MPLS label stack imposition. Since it cannot do it in one single shot (without causing random corruption) recirculation is needed. Nevertheless its presence does not influence whether the GRE traffic is handled in hardware or in software. Even without it, IF THE GRE TUNNELS ARE CORRECTLY CONFIGURED (meaning that each GRE tunnel has its unique source address etc.), the traffic is handled in hardware.
However since you say that after you enabled it you don't have connectivity anymore I suppose that some issue related to recirculation is happening (i.e. traffic ends up in the wrong internal vlan after recirculation).
Unfortunately the support forum is not meant to help in this case as in-depth troubleshooting is required. For that you need a TAC case.
regards,
Riccardo -
Windows Replication RPC Problems with IPSec GRE Tunnel
We have been having significant issues in troubleshooting random RPC errors with our directory controllers (MS AD 2008R2) and our distributed file shares. Both services will randomly stop working, throwing RPC errors as the resulting cause. We have been all over both Cisco and Microsoft forums in trying to troubleshoot this problem. I'm trying the Cisco forums first to see if anyone has any network layer thoughts as to best practices or ways to configure the tunnel.
Our network is simple: two small branch offices connected to each other with two Cisco 2901 ISRs. An IPSec GRE tunnel exists between both offices. Interoffice bandwidth is approximately 10mbps. Pings between offices work, remote desktop works most of the time, file transfers work, and DNS lookups work across both locations. We really don't have a complicated environment, I'd think it wouldn't be too hard to set up. But this just seems to be escaping me. I can't think of anything at the network layer that would be causing problems but I was curious whether anyone else out there with knowledge of small office VPNs might be able to render some thoughts on the matter.
Please let me know if there is anything further people need to see. My next step is MS forums but I wanted to eliminate layer 3 first.
Tunnel Config:
crypto map outside_crypto 10 ipsec-isakmp
set peer x.x.x.x
set transform-set ESP-AES-SHA
match address 102
crypto ipsec df-bit clear
interface Tunnel0
bandwidth 10240
ip address x.x.x.x x.x.x.x
no ip redirects
ip mtu 1420
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1375
tunnel source GigabitEthernet0/0
tunnel destination x.x.x.x
crypto ipsec df-bit clear
end
Hi,
Based on the third-party article below, you can set up a VPN connection between a Windows VPN client and a Cisco firewall:
Step By Step Guide To Setup Windows 7/Vista VPN Client to Remote Access Cisco ASA5500 Firewall
What is the Windows server 2008 R2 for, a RADIUS server? If yes, maybe the links below would be helpful to you:
RADIUS: Configuring Client VPN with Windows 2008 Network Policy Server (NPS) RADIUS Authentication
Configuring RADIUS Server on Windows 2008 R2 for Cisco Device Logins
RADIUS authentication for Cisco switches using w2k8R2 NPS
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best regards,
Susie -
Can I use a GRE tunnel to solve my problem?
Please see the attached file for a topology of the relevant portions of this network.
All but three of the APs at Building B are plugged into Cisco 3650 switches that are also acting as the WLCs. This allows for local switching of WiFi client traffic. The WiFi clients are tagged with VLAN 20 and the PCs at Building B are tagged with VLAN 10. Inter-VLAN routing occurs at the 3560 in Building B. This is important so that iPads on the WiFi network are switched locally with the PCs in the classroom. I then turn on the mDNS feature on the 3650/WLC so that we can use our PCs as "Apple TVs" via a program called Air Server. This allows the teacher to project the iPad onto the PC, which is then projected to the SMART Board.
My problem is with the 3 classrooms whose APs plug into a 2960-PS. These APs are managed by the dedicated WLC-5760 located at Building A. This means that the teacher PC is using the 3560 in Building B as the default gateway while the wireless traffic is being handled by the 3750 in Building A. The last time I checked, the WLC 5700 series controllers did not have Flex Connect as a feature.
Here's my question: Is there any type of IP tunneling solution I could use to tunnel a particular client or VLAN so that it can be routed at Building A? I've only played with tunneling from an IPv4/IPv6 standpoint. Thank you for your time!
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You're correct, you cannot extend L2 across L3 unless you use some kind of encapsulation technology, for example, the already mentioned L2TPv3 or pseudo-wire over MPLS, etc.
However, what I have in mind for extending a VLAN means converting a routed p2p link to a L2 trunk link (I'm assuming the equipment, e.g. L3 switches, can support this). Across the trunk, you can extend your VLAN(s). For the routers, you can dedicate a new VLAN, across just the trunk, that takes the place of the former p2p. I.e. so you can do both L2 and L3 across the same physical link.
[edit]
I didn't see Jon's post until after I posted above, but he's explaining, in more detail, what I had in mind. -
I'm trying to restore bookmarks from a .json file (as xmarks keeps duplicating and corrupting my list) and Firefox often works really slowly also. I know this as I usually get script error messages and the option to continue or stop. In this case with restoring bookmarks, every time I try to restore with my saved .json file I get an interruption, and the message "A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete. script: resource://gre/modules/PlacesUtils.jsm:1436". I stop the script (if I continue the same warning comes up) and then get half of my bookmarks restored or similar, if that, and another message telling me FF is unable to process the bookmarks!? I think this unresponsive script is the one that randomly comes up when I'm working FF hard, and causes it to run slowly - or it is a very similar looking message. Any comments and ideas appreciated.
Running on Macbook pro 2GHz Intel Core 2Duo, 2Gb 667 Mhz DDR2 OS 10.6.8
One other thing....the same script error on Ubuntu Linux 11.10 on my old Dell. And it seems that the backup I thought I had made probably was saved incorrectly, again only half of the bookmarks I had sorted out were created in the file - I should have exported a copy as another safeguard!
-
ASA 5505 + ASA 5540 static VPN, ssh and rdp problems
Greetings!
I've recently set up a VPN between Cisco ASA 5540(8.4) and 5505(8.3).
Everything works fine, but there is a small problem that is really annoying me.
From the inside network behind ASA 5505 I connect via rdp or ssh to a host inside ASA 5540.
Then I minimize ssh and rdp windows and don't use it for ten minutes. But I still use VPN for downloading some files.
Then I open ssh window - the session is inactive, open rdp window - I see a black screen (for 10-15 seconds, and then it shows RDP)
There are no timeouts on ssh or rdp hosts configured, via GRE tunnel it works perfectly without any hangs.
What can I do to get rid of this problem?
Thanks in advance.
Dear Fedor,
You could try adding the following commands to your configuration (on both ASAs) in order to increase the timeout values of the specific TCP sessions:
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 22
access-l rdp_ssh permit tcp 1.1.1.0 255.255.255.0 2.2.2.0 255.255.255.0 eq 3389
class-map TCP_TIMEOUT
match access-list rdp_ssh
policy-map global_policy
class TCP_TIMEOUT
set connection timeout idle 0:30:00
set connection timeout half 0:30:00
* Please make sure you define the specific RDP and SSH ports in the ACL and avoid the use of "permit ip any any".
Let me know.
Portu.
Please rate any post you find useful. -
Dynamic VPN/GRE can't ping other side of tunnel
I am new at this VPN stuff and trying to set up a GRE Dynamic IP VPN between my office and home. Here is what I have done thus far:
OFFICE
interface Tunnel0
ip address 172.30.1.1 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1
interface FastEthernet0/0
ip address 40.197.68.9 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
HOME
interface Tunnel0
ip address 172.30.1.2 255.255.255.252
ip mtu 1400
ip nhrp map multicast 40.197.68.9
ip nhrp map 172.30.1.1 40.197.68.9
ip nhrp network-id 1
ip nhrp nhs 172.30.1.1
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0
tunnel destination 40.197.68.9
tunnel key 1
interface GigabitEthernet0/0
description Router
ip address 192.168.30.1 255.255.255.252
duplex auto
speed auto
When I ping 172.30.1.1 from the HOME router, I get 0/5 success. Not good! I have not setup any IPSec yet.
Results for HOME router
show ip nhrp nhs detail
Legend: E=Expecting replies, R=Responding, W=Waiting
Tunnel0:
172.30.1.1 E priority = 0 cluster = 0 req-sent 53 req-failed 0 repl-recv 0
sh int t0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.30.1.2/30
MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.30.1 (GigabitEthernet0/0), destination 40.197.68.9
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with GigabitEthernet0/0
Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key 0x1, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1472 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:40:28, output 00:00:25, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
106 packets output, 12612 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
sh ip route
Gateway of last resort is 192.168.30.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.30.2
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.110.0.0/24 is directly connected, GigabitEthernet0/1.110
L 10.110.0.1/32 is directly connected, GigabitEthernet0/1.110
C 10.115.0.0/24 is directly connected, GigabitEthernet0/1.115
L 10.115.0.1/32 is directly connected, GigabitEthernet0/1.115
172.16.0.0/30 is subnetted, 1 subnets
S 172.16.2.0 [1/0] via 192.168.30.6
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.30.1.0/30 is directly connected, Tunnel0
L 172.30.1.2/32 is directly connected, Tunnel0
S 192.168.2.0/24 is directly connected, GigabitEthernet0/0
S 192.168.10.0/24 is directly connected, GigabitEthernet0/0
192.168.30.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.30.0/30 is directly connected, GigabitEthernet0/0
L 192.168.30.1/32 is directly connected, GigabitEthernet0/0
C 192.168.30.4/30 is directly connected, GigabitEthernet0/1.30
L 192.168.30.5/32 is directly connected, GigabitEthernet0/1.30
S 192.168.50.0/24 [1/0] via 192.168.30.6
192.168.69.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.69.0/24 is directly connected, GigabitEthernet0/1.69
L 192.168.69.3/32 is directly connected, GigabitEthernet0/1.69
S 192.168.100.0/24 [1/0] via 192.168.30.6
S 192.168.125.0/24 [1/0] via 192.168.30.6
S 192.168.200.0/24 [1/0] via 192.168.30.6
sh dmvpn
Interface: Tunnel0, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
1 50.197.68.90 172.30.1.1 NHRP 02:30:17 S
Results for OFFICE router
show ip nhrp nhs detail
sh dmvpn
sh int t0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.30.1.1/30
MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 40.197.68.9 (FastEthernet0/0)
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with FastEthernet0/0
Set of tunnels with source FastEthernet0/0, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport multi-GRE/IP
Key 0x1, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1472 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:43:56, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
show ip route
S* 0.0.0.0/0 [1/0] via 40.197.68.94
40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 40.197.68.8/29 is directly connected, FastEthernet0/0
L 40.197.68.9/32 is directly connected, FastEthernet0/0
172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.30.1.0/30 is directly connected, Tunnel0
L 172.30.1.1/32 is directly connected, Tunnel0
S 192.168.2.0/24 [1/0] via 192.168.10.5
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.1/32 is directly connected, FastEthernet0/1
S 192.168.69.0/24 is directly connected, FastEthernet0/0
Why can't I ping from the HOME router to the OFFICE router?
I figured this problem out. I needed to set up PKI/IKE and once that was done on both routers, my tunnel now passes some data.
-
I have on Win 2003 server install VPN server.
When I tried to connect I got the following error in the server's Event log:
A connection between the VPN server and the VPN client [MYPUBLICIP] has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
How can I configure the router in my case?
I use PPTP VPN protocol.
This means that I must forward following ports:
TCP 1723
IP Protocol ID of 47 (0x2F). => This filter allows PPTP tunneled data to the PPTP server
How can I forward IP protocol? -
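Several posts above describe the same symptom: the PPTP control connection on TCP 1723 works while the tunnel data, carried as IP protocol 47 (GRE) with no port number, does not get through. The following added example (not code from any of the threads) classifies packets from a capture taken next to the VPN server and reports whether GRE arrived at all; the packets, addresses and the `diagnose` result labels are constructed for illustration.

```python
import ipaddress
import struct

PROTO_TCP, PROTO_GRE = 6, 47
PPTP_PORT = 1723
PPTP_GRE_PROTOCOL = 0x880B        # protocol type of PPTP's enhanced GRE (RFC 2637)


def ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet (checksum left at 0; sample data only)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def tcp(sport, dport):
    """Minimal 20-byte TCP header with only ACK set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0)


def pptp_gre(call_id, seq, payload=b"\xff\x03"):
    """Enhanced GRE header: K and S bits set, version 1, then the PPP payload."""
    return struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_PROTOCOL,
                       len(payload), call_id, seq) + payload


def classify(packet):
    """Label one IPv4 packet as pptp-control, pptp-data, gre or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    info = {"kind": "other", "proto": packet[9],
            "src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20]))}
    l4 = packet[ihl:]
    if info["proto"] == PROTO_TCP and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if PPTP_PORT in (sport, dport):
            info["kind"] = "pptp-control"
    elif info["proto"] == PROTO_GRE and len(l4) >= 4:
        flags, ver_byte, ptype = struct.unpack("!BBH", l4[:4])
        info["kind"] = "gre"                       # GRE has no ports to forward
        info["gre_version"] = ver_byte & 0x07
        if (info["gre_version"] == 1 and ptype == PPTP_GRE_PROTOCOL
                and flags & 0x20 and len(l4) >= 8):
            info["kind"] = "pptp-data"
            info["call_id"] = struct.unpack("!H", l4[6:8])[0]
    return info


def diagnose(packets, client, server):
    """Summarise what was seen between client and server in a capture."""
    control, directions = False, set()
    for packet in packets:
        info = classify(packet)
        pair = (info.get("src"), info.get("dst"))
        if pair not in ((client, server), (server, client)):
            continue
        if info["kind"] == "pptp-control":
            control = True
        elif info["kind"] == "pptp-data":
            directions.add("client->server" if pair[0] == client else "server->client")
    if not control:
        return "no-control"
    if not directions:
        return "control-only"                      # the symptom in the posts above
    if len(directions) == 1:
        return "gre-one-way:" + directions.pop()
    return "ok"


if __name__ == "__main__":
    C, S = "192.0.2.10", "198.51.100.20"           # constructed documentation addresses
    capture = [ipv4(C, S, PROTO_TCP, tcp(50000, 1723)),
               ipv4(S, C, PROTO_TCP, tcp(1723, 50000))]
    print(diagnose(capture, C, S))                 # GRE never reached the capture point
    capture += [ipv4(C, S, PROTO_GRE, pptp_gre(7, 1)),
                ipv4(S, C, PROTO_GRE, pptp_gre(9, 1))]
    print(diagnose(capture, C, S))
```

A `control-only` result at the server means a device in front of it passed the TCP session but not protocol 47, which is where a port-forwarding rule alone cannot help.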
Generic GRE not working (ver 4.1.3.55)
Hi everybody.
I'm testing in Lab a configuration for one customer.
It's a basic environment with :
DATA CENTER (wccp)
1 WAEs 7341 and 1 Cat6506 routers
BRANCH (inline)
1 WAE 574.
Optimization works with l2-redirect and gre return in DATA CENTER !!
It does not work with egress-method generic-gre inteception-method wccp.
This is the problem that i can see with " show wccp gre" on the 7341..
" Packets received on a disabled service: 667790".
I read some manuals but...
I don't understand .. The service 61 and 62 works !!
So any idea ?
Thanks a lot to everybody
Vittorio
Hi, and thanks for being interested.
Here is the output you asked for:
WAE-DC-01#sh egress-methods
Intercept method : WCCP
TCP Promiscuous 61 :
WCCP negotiated return method : WCCP GRE
Egress Method Egress Method
Destination Configured Used
any Generic GRE Generic GRE
TCP Promiscuous 62 :
WCCP negotiated return method : WCCP GRE
Egress Method Egress Method
Destination Configured Used
any Generic GRE Generic GRE
Intercept method : Generic L2
Egress Method Egress Method
Destination Configured Used
any not configurable IP Forwarding
And here is another useful one:
WAE-DC-01#sh wccp gre
Transparent GRE packets received: 52082
Transparent non-GRE packets received: 0
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 0
Invalid packets received: 0
Packets received with invalid service: 0
Packets received on a disabled service: 50118
Packets received too small: 1964
Packets dropped due to zero TTL: 0
Packets dropped due to bad buckets: 0
Packets dropped due to no redirect address: 0
Packets dropped due to loopback redirect: 0
Pass-through pkts dropped on assignment update:0
Connections bypassed due to load: 0
Packets sent back to router: 50118
GRE packets sent to router (not bypass): 0
Packets sent to another WAE: 0
GRE fragments redirected: 28770
GRE encapsulated fragments received: 0
Packets failed encapsulated reassembly: 0
Packets failed GRE encapsulation: 0
Packets dropped due to invalid fwd method: 0
Packets dropped due to insufficient memory: 0
Packets bypassed, no pending connection: 0
Packets due to clean wccp shutdown: 0
Packets bypassed due to bypass-list lookup: 0
Conditionally Accepted connections: 0
Conditionally Bypassed connections: 0
L2 Bypass packets destined for loopback: 0
Packets w/WCCP GRE received too small: 0
Packets dropped due to received on loopback: 0
Packets dropped due to IP access-list deny: 0
Packets fragmented for bypass: 28770
Packets fragmented for egress: 0
Packet pullups needed: 57543
Packets dropped due to no route found: 0
Any new idea ?
Thanks
Vittorio -
IP routing utilizing Verizon private network (GRE tunnel) with remote cellular gateways
Okay, I give up, and think I have done my due diligence (I have been engrossed and fascinated spending many more hours than allotted to try and learn some of the finer details). Time for some advice. My usual trade is controls engineering which generally require only basic knowledge of networking principles. However I recently took a job to integrate 100 or so lift stations scattered around a county into a central SCADA system. I decided to use cellular technology to connect these remote sites back to the main SCADA system. Well the infrastructure is now in and it’s time to get these things talking.
Basic topology description is as follows: Each remote site has an Airlink LS300 gateway. Attached to the gateway via Ethernet is a system controller that I will be polling via Modbus TCP from the main SCADA system. The Airlinks are provisioned by Verizon utilizing a private network with static IP's. This private networks address is 192.168.1.0/24. Back at the central office the SCADA computer is sitting behind a Cisco 2911. The LAN address of the central office is 192.168.11.0/24. The 2911 is utilizing GRE tunnels that terminate with Verizon. The original turn up was done with another contractor that did a basic config of the router which you will find below.
As it stands now I am pretty confident the tunnels are up and working (if I change a local computers subnet to 255.255.0.0 I can surprisingly reach the airlinks in the field), but this is obviously not the right way to solve the problem, not to mention I was unable to successfully poll the end devices on the other side of the Airlinks. I think I understand just about every part of the config below and think it is just missing a few items to be complete. I would greatly appreciate anyone’s help in getting this set up correctly. I also have a few questions about the set up that still don’t make sense to me, you will find them below the config. Thanks in advance.
no aaa new-model
ip cef
ip dhcp excluded-address 10.10.10.1
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
ip domain name yourdomain.com
no ipv6 cef
multilink bundle-name authenticated
username cisco privilege 15 one-time secret
redundancy
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key AbCdEf01294 address 99.101.15.99
crypto isakmp key AbCdEf01294 address 99.100.14.88
crypto ipsec transform-set VZW_TSET esp-3des esp-md5-hmac
 mode transport
crypto map VZW_VPNTUNNEL 1 ipsec-isakmp
 description Verizon Wireless Tunnel
 set peer 99.101.15.99
 set peer 99.100.14.88
 set transform-set VZW_TSET
 match address VZW_VPN
interface Tunnel1
 description GRE Tunnel to Verizon Wireless
 ip address 172.16.200.2 255.255.255.252
 tunnel source 22.20.19.18
 tunnel destination 99.101.15.99
interface Tunnel2
 description GRE Tunnel 2 to Verizon Wireless
 ip address 172.16.200.6 255.255.255.252
 tunnel source 22.20.19.18
 tunnel destination 99.100.14.88
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.248
 shutdown
 duplex auto
 speed auto
interface GigabitEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 duplex auto
 speed auto
interface GigabitEthernet0/2
 ip address 22.20.19.18 255.255.255.0
 duplex full
 speed 100
 crypto map VZW_VPNTUNNEL
router bgp 65505
 bgp log-neighbor-changes
 network 0.0.0.0
 network 192.168.11.0
 neighbor 172.16.200.1 remote-as 6167
 neighbor 172.16.200.5 remote-as 6167
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 22.20.19.19
ip access-list extended VZW_VPN
 permit gre host 99.101.15.99 host 22.20.19.18
 permit icmp host 99.101.15.99 host 22.20.19.18
 permit esp host 99.101.15.99 host 22.20.19.18
 permit udp host 99.101.15.99 host 22.20.19.18 eq isakmp
 permit gre host 22.20.19.18 host 99.101.15.99
 permit gre host 22.20.19.18 host 99.100.14.88
access-list 23 permit 10.10.10.0 0.0.0.7
control-plane
end
So after spending countless hours analyzing every portion of this, I think that adding one line to this will get it going (or at least closer).
ip route 192.168.1.0 255.255.0.0 22.20.19.19
That should allow my internal LAN to reach the Airlink gateways on the other side of the tunnel (I think).
Now for a couple of questions for those that are still actually hanging around.
#1 What is the purpose of the Ethernet address assigned to each tunnel? I only see them being used in the BGP section where they are receiving routing tables from the Verizon side (is that correct?). Why wouldn't or couldn't you just use the physical Ethernet address interface in its place (in the BGP section)?
#2 Is the config above correct in pointing the default route to the physical Ethernet address? Does that force the packets into the tunnel, or shouldn’t you be pointing it towards the tunnel IPs (172.16.200.2)? If the config above is correct then I should not need to add the route I described above, as if I ping out to 192.168.1.X that should catch it and force it into the tunnel where Verizon would pick it up and know how to get it to its destination?
#3 Will I need to add another permit to the VZW_VPN for TCP, as in the end I need to be able to poll via Modbus, which uses port 502 TCP? Or is TCP implicit in some way with the GRE permit?
I actually have a lot more questions, but I will keep reading for now.
I really appreciate the time you all took to trudge through this. Also please feel free to point anything else out that I may have missed or that can be improved. Have a great day!
This post is a duplicate of this thread
https://supportforums.cisco.com/discussion/12275476/proper-routing-lan-through-verizon-private-network-gre-airlink-gateways
which has a response. I suggest that all discussion of this question be done through the other thread.
HTH
Rick
-
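Question #3 in the Verizon GRE post above asks whether TCP needs its own permit in VZW_VPN. As an added illustration (not code from the thread), this builds a Modbus TCP SYN, wraps it in GRE between the tunnel endpoints from the posted config, and checks both packets against the ACL's outbound GRE entries: a crypto-map ACL on the physical interface is matched against the outer header, where the protocol is 47 whatever the tunnel carries. The two host addresses and the reduced ACL model are assumptions.

```python
import ipaddress
import struct

GRE, TCP = 47, 6  # IP protocol numbers

# The two outbound "permit gre" entries of ACL VZW_VPN from the config above,
# reduced to (protocol, source host, destination host).
VZW_VPN = [(GRE, "22.20.19.18", "99.101.15.99"),
           (GRE, "22.20.19.18", "99.100.14.88")]


def checksum(data):
    """16-bit one's-complement sum used by the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(proto, src, dst, payload):
    """20-byte IPv4 header (no options, TTL 64) followed by the payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def tcp_syn(sport, dport):
    """20-byte TCP SYN; checksum left 0 because the packet is only parsed here."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def gre_encap(inner, tunnel_src, tunnel_dst):
    """Basic GRE header (RFC 2784): no flags, version 0, protocol type IPv4."""
    return ipv4(GRE, tunnel_src, tunnel_dst, struct.pack("!HH", 0, 0x0800) + inner)


def acl_match(acl, packet):
    """First ACL entry that matches the packet's outermost IPv4 header, or None."""
    key = (packet[9], str(ipaddress.ip_address(packet[12:16])),
           str(ipaddress.ip_address(packet[16:20])))
    return key if key in acl else None


# Constructed hosts: a SCADA PC on 192.168.11.0/24 polling a controller on
# 192.168.1.0/24 over Modbus TCP (port 502).
inner = ipv4(TCP, "192.168.11.10", "192.168.1.20", tcp_syn(49152, 502))
outer = gre_encap(inner, "22.20.19.18", "99.101.15.99")

if __name__ == "__main__":
    print("inner alone :", acl_match(VZW_VPN, inner))
    print("after GRE   :", acl_match(VZW_VPN, outer))
```

The inner packet matches no entry on its own; once encapsulated it matches the first GRE entry, and the TCP/502 header is just payload behind the 4-byte GRE header.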
Join remote computers in a branch office over vpn(GRE)
Hi,
I have a problem with joining computers located in a branch office, described in the following. I would be grateful if anyone could help me.
I have an FG1240B firewall as the edge firewall in my network and an FG60C in the branch office. These firewalls can see each other with their assigned IPs; on the other hand, I established a GRE tunnel between them to increase security and make a direct site-to-site connection.
The tunnel interfaces have their own IPs. Routes between the two LANs are created and computers in the branch can see HQ's servers such as the DC and Additional DC. It should be noted that all services are opened on both sides, and the branch's computers can even resolve records in DNS and open HTTPS web servers and so on.
But I face the problem when I want to join computers to the domain: after entering the credentials it returns the error message "the network path was not found". While solving this problem I found that TCP ports 139 and 445 (which refer to user and computer authentication) could not establish a connection to the DC while all services are open at origin and destination; even the DNS service is passed. When I issue the netstat command on a branch computer, I notice the connection to the DC is established in the SYN_sent step and it couldn't step forward to SYN_ack and SYN_RCVD. It is worth mentioning that all this log information was seen in the branch and there is no join query in the firewall 1240B.
I know this problem should be answered in firewall forums, but I asked this question here because I hope anyone can help me :-/
Thank you in advance for replying.
Hi,
You can use a Wireshark or Network Monitor capture to see if any traffic is being blocked/stopped somewhere along the path when trying to join the domain. You do not need WINS. Have you enabled DNS debugging logs on the DC/DNS servers in the hub site and watched if the client from the branch site reaches the server?
Regards,
Calin
-
Hello,
I have an issue with IP Version 6 and Zone-Based-Policy-Firewall.
This is the setup:
Router1 (Cisco 1802, IOS 15.1(3)T1, I also tried older IOS):
Dialer 0 to IPV4 Internet
Dialer 6 to IPV6 Internet
Tunnel 0 configured as DMVPN to Router 2
VLAN 1 as internal Interface with IP 192.168.0.0/24 and 2001:xxxx:xxxx:2::/64
Router2 (Cisco 1802, IOS 15.1(3)T1, I also tried older IOS):
Dialer 0 to IPV4 Internet
Tunnel 0 configured as DMVPN to Router 1
VLAN 1 as internal Interface with IP 10.0.0.0/24 and 2001:xxxx:xxxx:1::/64
Router1 connects to IPV6 Internet via Dialer 6
Router2 connects to IPV6 Internet via Tunnel0 (Dynamic-Multipoint-VPN)
Router1 and Router2 are configured with Zone-Based-Policy-Firewall.
When I remove the ZBPF config from Router1 everything works!
When I configure ZBPF on Router1 the IPV6 connection between the two routers works in both directions,
the IPV6 Internet connection from Router1 also works great,
but the IPV6 Internet connection from Router2 doesn't work anymore in the outgoing direction.
(Tunnel0 and VLAN1 are in the ZONE_BUERO_VLAN1, Dialer0 and Dialer6 are in ZONE_INTERNET)
zone security ZONE_INTERNET
zone security ZONE_BUERO_VLAN1
zone-pair security ZP_BUERO_VLAN1__INTERNET source ZONE_BUERO_VLAN1 destination ZONE_INTERNET
 service-policy type inspect FW_TO_INTERNET
zone-pair security ZP_INTERNET__BUERO_VLAN1 source ZONE_INTERNET destination ZONE_BUERO_VLAN1
 service-policy type inspect FW_INTERNET__BUERO_VLAN1
policy-map type inspect FW_TO_INTERNET
 class type inspect FW_GRE
  pass
 class type inspect FW_ESP
  pass
 class type inspect FW_ALLES_ERLAUBT_INSPECT2
  inspect
 class class-default
  drop log
policy-map type inspect FW_INTERNET__BUERO_VLAN1
 class type inspect FW_GRE
  pass
 class type inspect FW_ESP
  pass
 class type inspect FW_IPV6_ALLES
  drop log
 class class-default
  drop log
class-map type inspect match-any FW_GRE
 match access-group name FW_GRE
class-map type inspect match-any FW_ESP
 match access-group name FW_ESP
class-map type inspect match-any FW_ALLES_ERLAUBT_INSPECT2
 match protocol http
 match protocol https
 match protocol ntp
 match protocol dns
ip access-list extended FW_GRE
 permit gre any any
ip access-list extended FW_ESP
 permit esp any any
ipv6 access-list FW_IPV6_ALLES
 permit ipv6 any any
 permit icmp any any
 permit tcp any any
 permit udp any any
Debug Messages: (Seen on Router1)
Client in VLAN1 Router1 is browsing: (2001:xxxx:xxxx:2:C8FD:5EFE:523E:FB55)
- no debug - works -
Client in VLAN1 Router2 is browsing: (2001:xxxx:xxxx:1:C8FD:5EFE:5111:FB55)
*May 24 18:38:18.016: %FW-6-DROP_PKT: Dropping tcp session [2001:xxxx:xxxx:1:C8FD:5EFE:5111:FB55]:56687 [2A02:2E0:3FE:100::7]:80 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
Router1#
*May 24 18:38:48.465: %FW-6-DROP_PKT: Dropping tcp session [2001:xxxx:xxxx:1:C8FD:5EFE:5111:FB55]:56696 [2A02:2E0:3FE:100::7]:80 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
Router1#
*May 24 18:39:21.705: %FW-6-DROP_PKT: Dropping tcp session [2001:xxxx:xxxx:1:C8FD:5EFE:5111:FB55]:56747 [2A02:2E0:3FE:100::7]:80 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
So can you tell me how this is possible? Even though the two interfaces have the same zone membership, it works for traffic from vlan 1 but it is blocked for traffic from tunnel 0???
Hello,
@Phillip: Thank you, you're right, that solved my "losing connection" problems while debugging.
So here are the debugs: (I made only a few of them, because if I enable too many of them I don't get the dropped packets in the debugs)
Router1#debug policy-firewall events
Policy-Firewall events debugging is on
Router1#debug policy-firewall detail
Policy-Firewall detailed debugging is on
*Jun 7 22:39:50.481: FIREWALL: FW CCE got packet 0x865A3430 in process path
*Jun 7 22:39:50.481: FIREWALL: NEW PAK 865A3430 [2001:xxxx:xxxx:1:8076:7A29:ABFB:708E]:52385 [2A02:2E0:3FE:100::7]:80 tcp
*Jun 7 22:39:50.481: FIREWALL: DROP feature object 0xAAAA000F found
*Jun 7 22:39:50.481: FIREWALL: FW CCE dropping pak 0x865A3430 in process path
Router1#debug policy-firewall packet-path
Policy-Firewall PAK_PATH debugging is on
packet from tunnel 0:
*Jun 7 22:43:45.781: CCE-FW :classify no match (srcaddr:port)-([2001:xxxx:xxxx:1:8076:7A29:ABFB:708E]:0) (dstaddr:port)-([2A02:2E0:3FE:100::7]:0)
*Jun 7 22:43:45.781: CCE-FW :ACCESS_GROUP_NAMED:CCE_DP_NAMED_DB_NOT_MATCHED: type_1_filter = 8764B300, acl = FW_ESP vers = 1
*Jun 7 22:43:45.781: CCE-FW :classify no match (srcaddr:port)-([2001:xxxx:xxxx:1:8076:7A29:ABFB:708E]:0) (dstaddr:port)-([2A02:2E0:3FE:100::7]:0)
*Jun 7 22:43:45.781: CCE-FW :L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:43:45.781: CCE-FW :L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:43:45.781: CCE-FW :L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:43:45.781: CCE-FW :L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:43:45.781: CCE-FW :classify no match (srcaddr:port)-([2001:xxxx:xxxx:1:8076:7A29:ABFB:708E]:0) (dstaddr:port)-([2A02:2E0:3FE:100::7]:0)
Router1#
*Jun 7 22:43:45.781: %FW-6-DROP_PKT: Dropping tcp session [2001:xxxx:xxxx:1:8076:7A29:ABFB:708E]:52403 [2A02:2E0:3FE:100::7]:80 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
*Jun 7 22:43:46.221: CCE-FW*:cce_dp_named_db_inspect_port_to_l7_protocol:L7 protocol is 0 L4 protocol is 0 address is [FE80::215:FAFF:FE0C:A70C] port is 0
*Jun 7 22:43:46.221: CCE-FW*:Packet L7 is 9 L4 prot is 0 granular is 0 (srcaddr:port)-([2001:xxxx:xxxx:2:80B6:E54A:A19:6435]:50900) (dstaddr:port)-([FE80::215:FAFF:FE0C:A70C]:22)
*Jun 7 22:43:46.221: CCE-FW*:L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:43:46.221: CCE-FW*:classify no match (srcaddr:port)-([2001:xxxx:xxxx:2:80B6:E54A:A19:6435]:50900) (dstaddr:port)-([FE80::215:FAFF:FE0C:A70C]:22)
*Jun 7 22:43:46.221: CCE-FW*:cce_dp_named_db_inspect_classify:packet 85977DC4 is not matched
packet from vlan1 (works)
*Jun 7 22:52:16.735: CCE-FW*:Packet L7 is 9 L4 prot is 0 granular is 0 (srcaddr:port)-([2A02:2E0:3FE:100::7]:50929) (dstaddr:port)-([2001:xxxx:xxxx:2:5800:62D5:A2AE:282C]:80)
*Jun 7 22:52:16.735: CCE-FW*:L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:52:16.735: CCE-FW*:classify no match (srcaddr:port)-([2A02:2E0:3FE:100::7]:50929) (dstaddr:port)-([2001:xxxx:xxxx:2:5800:62D5:A2AE:282C]:80)
*Jun 7 22:52:16.735: CCE-FW*:cce_dp_named_db_inspect_classify:packet 856B3D60 is not matched
*Jun 7 22:52:16.735: CCE-FW*:cce_dp_named_db_inspect_port_to_l7_protocol:L7 protocol is 0 L4 protocol is 0 address is [FE80::8C8F:658:1A14:661D] port is 0
*Jun 7 22:52:16.735: CCE-FW*:Packet L7 is 9 L4 prot is 0 granular is 0 (srcaddr:port)-([FE80::215:FAFF:FE0C:A70C]:50929) (dstaddr:port)-([FE80::8C8F:658:1A14:661D]:80)
*Jun 7 22:52:16.735: CCE-FW*:L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:52:16.735: CCE-FW*:classify no match (srcaddr:port)-([FE80::215:FAFF:FE0C:A70C]:50929) (dstaddr:port)-([FE80::8C8F:658:1A14:661D]:80)
*Jun 7 22:52:16.735: CCE-FW*:cce_dp_named_db_inspect_classify:packet 856B420C is not matched
*Jun 7 22:52:16.739: CCE-FW*:cce_dp_named_db_inspect_port_to_l7_protocol:L7 protocol is 0 L4 protocol is 0 address is [FE80::215:FAFF:FE0C:A70C] port is 0
*Jun 7 22:52:16.739: CCE-FW*:Packet L7 is 9 L4 prot is 0 granular is 0 (srcaddr:port)-([FE80::5800:62D5:A2AE:282C]:50929) (dstaddr:port)-([FE80::215:FAFF:FE0C:A70C]:80)
*Jun 7 22:52:16.739: CCE-FW*:L7 protocol match CCE_DP_NAMED_DB_NOT_MATCHED
*Jun 7 22:52:16.739: CCE-FW*:classify no match (srcaddr:port)-([FE80::5800:62D5:A2AE:282C]:50929) (dstaddr:port)-([FE80::215:FAFF:FE0C:A70C]:80)
*Jun 7 22:52:16.739: CCE-FW*:cce_dp_named_db_inspect_classify:packet 85929DEC is not matched
*Jun 7 22:52:16.739: CCE-FW*:cce_dp_named_db_inspect_port_to_l7_protocol:L7 protocol is 0 L4 protocol is 0 address is [FE80::8C8F:658:1A14:661D] port is 0
Router1#
*Jun 7 22:52:17.303: CCE-FW*:ACCESS_GROUP_NAMED:CCE_DP_NAMED_DB_MATCHED: type_1_filter = 8764B300, acl = FW_ESP vers = 0
*Jun 7 22:52:17.303: CCE-FW*:Matched acl, user group or insp protocols
*Jun 7 22:52:17.303: CCE-FW*:L7 is 9 l7 token prot is 0
*Jun 7 22:52:17.331: CCE-FW*:cce_dp_named_db_inspect_port_to_l7_protocol:L7 protocol is 0 L4 protocol is 0 address is 217.92.41.131 port is 0
debug policy-firewall function-trace
- no debug output -
My results are that with "debug policy-firewall packet-path" I can't really see where it matches, but I can see that if the packet comes from tunnel 0 the debug can't see the destination port and therefore can't match the packet.
I also tried to implement a rule that allows all traffic, not only http: then it is not dropped any more, but the reverse packet is dropped because the stateful inspection doesn't work for that packet.
For me it seems to be a bug... what do you think?
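A triage helper for the %FW-6-DROP_PKT messages quoted in this thread, as an added example that is not part of the original posts: it flags drops that landed in class-default although their protocol and destination port belong to a protocol that class-map FW_ALLES_ERLAUBT_INSPECT2 matches, which is the symptom reported for traffic arriving via Tunnel0. The sample log lines, the 2001:db8:: addresses and the default-port table are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the %FW-6-DROP_PKT lines quoted above;
# addresses are from the 2001:db8::/32 documentation range, not from the post.
SAMPLE_LOG = """\
*May 24 18:38:18.016: %FW-6-DROP_PKT: Dropping tcp session [2001:DB8:0:1:C8FD:5EFE:5111:FB55]:56687 [2001:DB8:FFFF::7]:80 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
*May 24 18:38:48.465: %FW-6-DROP_PKT: Dropping tcp session [2001:DB8:0:1:C8FD:5EFE:5111:FB55]:56696 [2001:DB8:FFFF::7]:80 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
Router1#
*May 24 18:39:02.100: %FW-6-DROP_PKT: Dropping tcp session [2001:DB8:0:1:C8FD:5EFE:5111:FB55]:56701 [2001:DB8:FFFF::9]:25 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
*May 24 18:39:21.705: %FW-6-DROP_PKT: Dropping udp session [2001:DB8:0:1:8076:7A29:ABFB:708E]:52385 [2001:DB8:FFFF::53]:53 on zone-pair ZP_BUERO_VLAN1__INTERNET class class-default due to DROP action found in policy-map with ip ident 0
"""

# Protocols matched by class-map FW_ALLES_ERLAUBT_INSPECT2, with their default
# ports (assumption: no custom port-to-application mapping on the router).
INSPECTED = {("tcp", 80): "http", ("tcp", 443): "https", ("udp", 123): "ntp",
             ("udp", 53): "dns", ("tcp", 53): "dns"}

DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\w+) session "
    r"\[(?P<src>[0-9A-Fa-f:]+)\]:(?P<sport>\d+) "
    r"\[(?P<dst>[0-9A-Fa-f:]+)\]:(?P<dport>\d+) "
    r"on zone-pair (?P<zone_pair>\S+) class (?P<cls>\S+) ")


def parse_drops(text):
    """Return one dict per IPv6 drop message; all other lines are ignored."""
    drops = []
    for m in DROP_RE.finditer(text):
        d = m.groupdict()
        d["dport"] = int(d["dport"])
        # Group by the client's /64 so changing interface IDs collapse to one LAN.
        d["src_net"] = str(ipaddress.ip_network(d["src"] + "/64", strict=False))
        drops.append(d)
    return drops


def misclassified(drops):
    """Count class-default drops that an inspected protocol should have caught."""
    hits = Counter()
    for d in drops:
        app = INSPECTED.get((d["proto"], d["dport"]))
        if d["cls"] == "class-default" and app:
            hits[(d["zone_pair"], d["src_net"], app)] += 1
    return hits


if __name__ == "__main__":
    for key, count in misclassified(parse_drops(SAMPLE_LOG)).most_common():
        print(count, *key)
```

A non-empty result for one source /64 only, as in the sample, points at classification failing for that ingress path rather than at a missing `match protocol` line.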